Opening Ceremony discovered that an inadvertent breach of security resulted in the exposure of customer names, addresses, credit card numbers, credit card expiration dates, and credit card security codes. The breach was discovered sometime in March and first occurred on or around February 16, 2012.

UPDATE (5/11/2012): The breach lasted between February 16 and March 21 of 2012. Malware was discovered on the website on March 21. Affected customers were mailed notification letters on May 4. Either the credit card information was stored in an unencrypted format on the site in violation of Payment Card Industry Data Security Standard (PCI-DSS) practices, or a hacker was able to place something on the site to get credit card information after it was transmitted. It is more likely that Open Ceremony, an online clothing retailer, was not in compliance with PCI.